Test ID: 1.3.6.1.4.1.25623.1.0.63309
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-715-1 (linux)
Summary: Ubuntu USN-715-1 (linux)
Description:
The remote host is missing an update to linux
announced via advisory USN-715-1.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

Details follow:

Hugo Dias discovered that the ATM subsystem did not correctly manage
socket counts. A local attacker could exploit this to cause a system hang,
leading to a denial of service. (CVE-2008-5079)

It was discovered that the inotify subsystem contained watch removal
race conditions. A local attacker could exploit this to crash the system,
leading to a denial of service. (CVE-2008-5182)

Dann Frazier discovered that in certain situations sendmsg did not
correctly release allocated memory. A local attacker could exploit
this to force the system to run out of free memory, leading to a denial
of service. (CVE-2008-5300)

Helge Deller discovered that PA-RISC stack unwinding was not handled
correctly. A local attacker could exploit this to crash the system,
leading to a denial of service. This did not affect official Ubuntu
kernels, but was fixed in the source for anyone performing HPPA kernel
builds. (CVE-2008-5395)

It was discovered that the ATA subsystem did not correctly set timeouts. A
local attacker could exploit this to cause a system hang, leading to a
denial of service. (CVE-2008-5700)

It was discovered that the ib700 watchdog timer did not correctly check
buffer sizes. A local attacker could send a specially crafted ioctl
to the device to cause a system crash, leading to a denial of service.
(CVE-2008-5702)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
linux-image-2.6.27-11-generic 2.6.27-11.27
linux-image-2.6.27-11-server 2.6.27-11.27
linux-image-2.6.27-11-virtual 2.6.27-11.27

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-715-1

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Reference: Common Vulnerability Exposure (CVE) ID: CVE-2008-5079
Bugtraq: 20081205 CVE-2008-5079: multiple listen()s on same socket corrupts the vcc table
http://www.securityfocus.com/archive/1/archive/1/498943/100/0/threaded
Bugtraq: 20081209 rPSA-2008-0332-1 kernel
http://www.securityfocus.com/archive/1/archive/1/499044/100/0/threaded
http://marc.info/?l=linux-netdev&m=122841256115780&w=2
Debian Security Information: DSA-1787
http://www.debian.org/security/2009/dsa-1787
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01358.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:032
http://www.redhat.com/support/errata/RHSA-2009-0225.html
http://www.redhat.com/support/errata/RHSA-2009-0053.html
SuSE Security Announcement: SUSE-SA:2009:004
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00006.html
SuSE Security Announcement: SUSE-SA:2009:008
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00010.html
SuSE Security Announcement: SUSE-SA:2009:010
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html
http://www.ubuntu.com/usn/usn-715-1
http://www.ubuntulinux.org/support/documentation/usn/usn-714-1
BugTraq ID: 32676
http://www.securityfocus.com/bid/32676
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11288
http://www.securitytracker.com/id?1021360
http://secunia.com/advisories/32913
http://secunia.com/advisories/33623
http://secunia.com/advisories/33641
http://secunia.com/advisories/33704
http://secunia.com/advisories/33756
http://secunia.com/advisories/33706
http://secunia.com/advisories/33854
http://secunia.com/advisories/33348
http://secunia.com/advisories/33083
http://secunia.com/advisories/34981
http://securityreason.com/securityalert/4694
Common Vulnerability Exposure (CVE) ID: CVE-2008-5182
Debian Security Information: DSA-1681
http://www.debian.org/security/2008/dsa-1681
BugTraq ID: 33503
http://www.securityfocus.com/bid/33503
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10584
http://secunia.com/advisories/32998
Common Vulnerability Exposure (CVE) ID: CVE-2008-5300
Bugtraq: 20100625 VMSA-2010-0010 ESX 3.5 third party update for Service Console kernel
http://www.securityfocus.com/archive/1/archive/1/512019/100/0/threaded
http://marc.info/?l=linux-netdev&m=122721862313564&w=2
http://marc.info/?l=linux-netdev&m=122765505415944&w=2
http://www.redhat.com/support/errata/RHSA-2009-0014.html
RedHat Security Advisories: RHSA-2009:1550
https://rhn.redhat.com/errata/RHSA-2009-1550.html
BugTraq ID: 32516
http://www.securityfocus.com/bid/32516
http://osvdb.org/50272
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10283
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11427
http://secunia.com/advisories/33556
http://securityreason.com/securityalert/4673
XForce ISS Database: linux-kernel-sendmsg-dos(46943)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46943
Common Vulnerability Exposure (CVE) ID: CVE-2008-5395
http://marc.info/?l=linux-parisc&m=121736357203624&w=2
Debian Security Information: DSA-1794
http://www.debian.org/security/2009/dsa-1794
BugTraq ID: 32636
http://www.securityfocus.com/bid/32636
http://secunia.com/advisories/32933
http://secunia.com/advisories/35011
XForce ISS Database: linux-kernel-pariscshowstack-dos(47075)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47075
Common Vulnerability Exposure (CVE) ID: CVE-2008-5700
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded
http://openwall.com/lists/oss-security/2008/12/09/2
http://www.redhat.com/support/errata/RHSA-2009-0331.html
http://www.redhat.com/support/errata/RHSA-2009-0326.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10948
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8606
http://secunia.com/advisories/34252
http://secunia.com/advisories/33758
http://secunia.com/advisories/34762
http://secunia.com/advisories/37471
http://www.vupen.com/english/advisories/2009/3316
XForce ISS Database: linux-kernel-libata-dos(47669)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47669
Common Vulnerability Exposure (CVE) ID: CVE-2008-5702
http://lkml.org/lkml/2008/10/5/173
http://openwall.com/lists/oss-security/2008/12/10/2
http://openwall.com/lists/oss-security/2008/12/17/6
http://openwall.com/lists/oss-security/2008/12/17/9
http://openwall.com/lists/oss-security/2008/12/17/20
SuSE Security Announcement: SUSE-SA:2009:030
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11344
http://secunia.com/advisories/35390
XForce ISS Database: linux-kernel-ibwdtioctl-unknown(47667)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47667
Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com